Cyber Security Headlines – March 2, 2021

Gab user data leaked

The group Distributed Denial of Secrets claims to have pulled 70 gigabytes of user data from the social network Gab through a SQL injection vulnerability, including public and private posts, as well as passwords. The group says it will share the data selectively with journalists, social scientists, and researchers. Gab CEO Andrew Torba said the site patched a SQL injection vulnerability last week but has no confirmation that a breach took place.


Biden administration to keep tech export ban rules

The Wall Street Journal’s sources say that the Biden administration plans to let rules proposed under the Trump administration go into effect; the rules would empower the US Commerce Department to ban technology-related business transactions deemed a threat to national security. These rules were initially proposed in November, and administration officials have reportedly signaled to the business community that they won’t be enforced aggressively. The Commerce Department says it is still accepting public comment on the rules until they go into effect on March 22.


Hackers give websites great SEO before installing malware

According to security researchers at Sophos, malware operators are increasingly using SEO tricks and social engineering to push websites infected with malware up Google’s search rankings. The ultimate goal is to deploy the infection framework for the Gootkit Remote Access Trojan, which researchers estimate requires hundreds of servers to pull off effectively. Websites hit with this “Gootloader” technique are manipulated to answer specific search queries. Infected message boards have also been seen to subtly tweak content so that it seems to answer specific search queries and gets visitors to click through. Once the trojan is installed, it’s used to further deploy Kronos, Cobalt Strike, and REvil ransomware.


China reportedly behind massive power outage in Mumbai 

According to a new white paper from the security intelligence firm Recorded Future, a group of China-based threat actors dubbed “RedEcho” injected 10 Indian power sector organisations and a pair of Indian seaport operators with malware. This was the probable cause of a massive power outage in Mumbai back in October. The outage appears to have been caused by only a small subset of the malware, with most of it never activated by the operators. The malware appears to have been injected in May 2020 during a border standoff between India and China.

(The Register)

Thanks to our episode sponsor, TrustMAPP

First it was GDPR in the EU, then California’s CCPA. Now Virginia is set to pass its own Consumer Data Protection Act. Are you ready? Get ready with TrustMAPP.

Google Voice outage blamed on certificates

An incident report from Google said a Google Voice outage last month was caused by expired TLS certificates. The outage seemingly impacted a majority of Voice users for over four hours between February 15th and February 16th. Google encrypts all traffic with TLS certificates, which it rotates regularly to keep connections secure. The active certificate in that rotation inadvertently expired, leaving users unable to make new connections, although existing ones were unaffected. Google said it’s working on updated notifications and automation to ensure an active certificate won’t expire again.

(Bleeping Computer)
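The failure mode in the Google Voice story is a rotation whose active certificate lapses before a successor is valid. The monitor below is an added example written for this page, not Google's code; the certificate names and dates are constructed, and it flags both the "expiring soon" case and the gap where no certificate covers the hand-over.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Cert:
    name: str
    not_before: datetime
    not_after: datetime

def active_cert(rotation, now):
    """The certificate to serve at `now`: valid right now, latest expiry wins."""
    valid = [c for c in rotation if c.not_before <= now <= c.not_after]
    return max(valid, key=lambda c: c.not_after, default=None)

def rotation_alerts(rotation, now, warn_days=14):
    """Alerts a monitor should raise for `rotation` as seen at `now`."""
    alerts = []
    active = active_cert(rotation, now)
    if active is None:
        # The outage case: nothing in the rotation is usable right now.
        alerts.append("NO_VALID_CERT: no certificate is valid at this moment")
        return alerts
    remaining = active.not_after - now
    if remaining <= timedelta(days=warn_days):
        alerts.append(f"EXPIRING_SOON: {active.name} expires in {remaining.days} days")
    # A successor must already be valid when the active cert expires,
    # otherwise the rotation has a gap that takes new connections down.
    successors = [c for c in rotation
                  if c.not_after > active.not_after and c.not_before <= active.not_after]
    if not successors:
        alerts.append(f"NO_SUCCESSOR: no certificate covers the moment {active.name} expires")
    return alerts

# Constructed sample rotation (hypothetical names and dates): the successor only
# becomes valid two days after the current certificate expires, leaving a gap.
UTC = timezone.utc
SAMPLE_ROTATION = [
    Cert("cert-A", datetime(2021, 1, 1, tzinfo=UTC), datetime(2021, 3, 31, tzinfo=UTC)),
    Cert("cert-B", datetime(2021, 4, 2, tzinfo=UTC), datetime(2021, 6, 30, tzinfo=UTC)),
]

def sample_alerts(year, month, day, warn_days=14):
    """Run the monitor against the sample rotation on a given UTC date."""
    return rotation_alerts(SAMPLE_ROTATION, datetime(year, month, day, tzinfo=UTC), warn_days)
```

Run weeks ahead of the hand-over (for example on 2021-02-01) the gap is reported as NO_SUCCESSOR while there is still time to issue a replacement; on 2021-04-01 the same rotation reports NO_VALID_CERT, which is the outage itself.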

New iOS jailbreak released

The Unc0ver team released its latest iOS jailbreak, which is effective against Apple devices running iOS 11 through iOS 14.3, which Apple released this past December. The team used a kernel exploit that Apple had previously identified as possibly being under active exploitation to achieve the jailbreak. iOS 14.4 patched the kernel flaw and made the jailbreak ineffective. Unc0ver’s previous jailbreak was effective through iOS 13.5, with Apple releasing patches against it in a matter of days.


Phone scammers are simulating cyberattacks

A combination of updated phone carrier protocols and a global pandemic caused a temporary lull in robocalls and phone scams. However, according to Connecticut Attorney General William Tong, his office is increasingly seeing phone scams tied to circumventing two-factor authentication. Robocalls peaked in October 2019 with 5.7 billion in the month, before going down to 2.9 billion in April 2020 and averaging between 3 and 4 billion the rest of the year. Classic robocall scams claiming to be from Microsoft Windows support still exist, but increasingly attackers are using text messages to pose as banks inquiring about fraudulent transactions, ultimately attempting to gain access to accounts. Telephonic denial of service attacks have also seen a rise, with attackers calling a victim nonstop from a variety of numbers until a ransom is paid. While protocols like STIR/SHAKEN have tamped down on some robocalls, malicious actors are increasingly finding creative ways to scam victims that emulate cyberattacks.


Scientists develop random number generating laser

Researchers from Nanyang Technological University, Singapore, Yale University, and Trinity College Dublin developed a 1-millimeter-long laser that can generate 250 terabytes of random bits per second, more than 100 times faster than computer-based RNGs. It can also create many bitstreams simultaneously. The light bounces between mirrors, interfering with itself and creating intensity fluctuations at 254 spots every trillionth of a second. The researchers hope to incorporate the laser and camera tracking system into a chip for directly feeding the results into a computer, with cryptography one of the obvious applications.


Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.